General

  • Target

    0cd9cf51666b258656afa5bcde345f57

  • Size

    876KB

  • Sample

    231230-dxth8aeac4

  • MD5

    0cd9cf51666b258656afa5bcde345f57

  • SHA1

    1db8c0fecf084441b2b07f5000760ff400aeda76

  • SHA256

    58e3fd76a19b5822fb2768abbe9bc977913216110a1b32e1b405369dcf52be63

  • SHA512

    fd55ab9c379ff291f0cbfcfa0bc08272a1d57da44d64262d6e1bbd74faaae17a09a13873e8c5525322f280d8f7d439f8faa2aac1646e7fe3a78128497114e1cc

  • SSDEEP

    12288:DpN7uLp2iXSPQtt2NjFwo6ygaNrnCq518OfygkCTlfvWkPjM:D+Lp1tMNjmo6ygaRnHCO6lyvLA

Malware Config

Extracted

  • Family

    redline

  • Botnet

    bkd2

  • C2

    103.246.146.247:3214

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks